Various methods have attempted to authenticate and secure communications. Most online transactions, for instance, are considered secure with assurances provided by service providers employed to protect users' data and privacy. Unfortunately, in most cases, these communications are protected with information private to a user and stored by a third-party. Recent news of compromised private data, previously considered to be secure has caused a new awareness of data vulnerability in the public sector.
Cryptographic methods to keep information shared among users, software, devices and the like, secure, are becoming more prevalent. Many judge just how secure a communication is by comparing which encryption algorithm is employed. Examples of encryption algorithms that are commercially used today include AES (Advanced Encryption Standard), Triple-DES (Data Encryption Standard), Blowfish, and RC4. Thus, the sheer number and variety of encryption methods begs the questions “which encryption is best and how much encryption is enough?”
Unfortunately, encryption alone does not ensure security and more importantly, privacy. Data that travels over “free and open” communication mediums such as cell phones and internet communications paths are grand targets for interception. Many are swayed into a false sense of security upon the pretense of their data being encrypted. Encrypting the data with a pre-existing algorithm just means that an equally outstanding algorithm is required to decrypt. Conversely, an easier method to decrypt exists: keys. Much like the keys to a home, the strength of the encryption over these insecure “free and open” communication media are only as good as the keys and the algorithms that use the keys to unlock the data. Find the key, and unlock the door.
Encryption methods: Two encryption methods are widely used today: Symmetric and Asymmetric. Both are key-based algorithms. Which method is more secure is the subject of much debate.
Symmetric cryptography: Symmetric cryptography (also know as private-key, single-key, secret-key, shared-key, and one-key encryption) exchanges “secret-keys” that are identical (or related computationally) to encrypt and decrypt data between two or more users. Types of symmetric key ciphers include block ciphers that input blocks of plaintext and stream ciphers that input individual characters. Popular examples of block cipher methods include TripleDES (Data Encryption Standard) and AES (Advanced Encryption Standard). RC4 is an example of stream cipher.
Trade-offs for Symmetric Methods: The advantages of this method are simplicity and speed. Users only have to specify a single key to encrypt or decrypt data. Symmetric cryptography is also much more resistant to brute force attacks and requires less computational power than its counterpart asymmetric cryptography. A chief issue of this method is that “secret keys” must be shared via some secret communication channel, which is the very purpose of sharing secret keys in the first place, thus presenting a “chicken-and-egg” situation. In addition, the origin and authenticity of a message cannot be guaranteed, since both users use the same key, leaving this method, like many other cryptographic methods, open to man-in-the-middle attacks. Lastly, communication with every new user requires a new key to be shared to prevent compromise of a “universal key”, thereby increasing the number of keys that have to be stored securely.
Hash Functions: Another type of cryptography is cryptographic hash functions. This method enables “digital signatures” to authenticate who a message is from and whether a message has been altered. Hash functions output a short hash of fixed length that is unique to a message and its author. Hash functions have gone through many mutations, culminating in 2012 when NIST (National Institute of Standards and Technology) announced an algorithm from Keccak won a competition and will thereby be the new Secure Hash Algorithm (SHA), called SHA-3.
Asymmetric cryptography: Asymmetric cryptography is a method that enables two parties to secretly agree on a shared encryption key. Since proposed in a paper from Whitfiled Diffie and Martin Helman in 1976, the idea of cryptography using “public and private mathematically related keys”, also called asymmetric, has been become widely popular, especially in online communications. Asymmetric cryptography uses two keys. One key is shared publically between users to use for encryption, while the other key is kept private to use for decryption. A public key is derived from a private key in such a way that that the private key can decrypt data encrypted from a related public key, but not vice versa. No information about a private key can be derived from a public key.
Trade-offs for Asymmetric Methods: A chief advantage of asymmetric cryptography is the reduction in the number of unique secret keys that have to be shared between users requesting to communicate. Disadvantages of this method include computational cost, slow speed, and the possibility for widespread compromise if a private key is compromised. Additionally, data may be irretrievable if a private key is lost. In addition, asymmetric encryption is far more susceptible to brute force attacks than symmetric encryption. For example, AES 256 is as strong as 15,360-bit methods using asymmetric encryption such as RSA (Rivest-Shamir-Aldemn). Last and possibly most challenging is the lack of authentication of public keys leaves the real possibility for man-in-the-middle attacks where a third party can impersonate an intended recipient by intercepting a sender's public key and exchange his or her own credentials with the sender without either the intended recipient nor the sender's knowledge.
Trusted 3rd Parties (Certificate Authorities): PKI (Public Key Infrastructure) and PGP (Pretty Good Privacy) are examples of asymmetric methods of encryption that rely upon some “trusted” authority to establish trust between peers over open communications such as the internet. These certificate authorities issue certificates that contain a public key of an entity and a cryptographic signature of the issuer, which is then passed to an intended recipient as evidence “they are who they say they are” (i.e. their “identity”). PGP and PKI differ in how they establish “trust.” PKI is based upon predetermined “trusted” certificate authorities (CA) while PGP is based on a “web of trust” that allows users to choose who they trust.
Trade-offs for Certificate Authorities: Like symmetric and asymmetric cryptography, certificate authorities are vulnerable to man-in-the-middle attacks. If a certificate authority is compromised, another party can cause false certificates to be issued to impersonate another entity. For instance, in July 2012, NIST issued a warning that theft of certificates would allow attackers to issue new “valid” certificates and/or “sign” malware. Although 3rd party certificate authorities may add security in some circumstances, credibility of this method is diminished when reports of compromise surface. New methods such as certificate pinning makes man-in-the-middle attacks more difficult, but it can still be bypassed in many ways. Under this architecture, if the certificates are compromised, likely so are all sessions that utilize the certificates and their associated keys.
HTTPS and SSL/TLS: Several methods to improve cryptography as a means of mutual authentication include asymmetric/symmetric combinations, such as SSL and TLS, where symmetric private keys are shared within the encryption by public keys. PKI is the basis of SSL/TLS (secure socket layer/transport layer security), which is the “padlock” used by https (hyperText transfer protocol secure), an application layer protocol widely considered to be the cornerstone of all online secure transactions. HTTPS also supports non-repudiation of messages via another cryptographic method called digital signatures, also called “cryptographic hash functions.” Symmetric methods still have the issue of a “shared” secrets between entities. It has also been shown that a private key becomes more susceptible to disclosure the longer it is used with a public key (PKI). SSL/TLS overcomes the weaknesses of authentication with PKI by using Certificate Authorities to certify the identity of a server or entity, and then overcomes the weaknesses of the speed computational expense of PKI by negotiating a temporary symmetric key for rapid encryption and decryption during a communication session.
Issues with SSL/TLS: Unfortunately, as of 2013, SSL/TLS, and thus HTTPS, is known to have some weaknesses. Some of these issues have been verified to be due to improper coding, as in the case of GnuTLS which had a bug in the code that neglected to correctly handle errors during TLS certificate (X.509 certificate) verification, similar to “goto fail” flaw in Apple's iOS and OS X operating system that left users at risk for surreptitious eavesdropping. Others are a result of using weaker symmetric methods for TLS such as RC4 within a hybrid asymmetric/symmetric implementation. For a time, RC4 was the most widely used stream cipher used within TLS (Transport Layer Security), which is the foundation of most security methods over internet and WEP (Wired Equivalent Privacy). RC4 is particularly vulnerable when non-random or related keys are used, or when the beginning of the output key-stream is not discarded.
Other Approaches: Several methods to improve cryptography as a means of mutual authentication include asymmetric/symmetric combinations, such as SSL and TLS, where symmetric private keys are shared within encryption by public keys. These methods still have the issue of a shared secret between entities. It has also been shown that a private key becomes more susceptible to disclosure the longer it is used with a public key (PKI). SSL/TLS overcomes the weaknesses of authentication with PKI by using Certificate Authorities to certify the identity of a server or entity, and then overcomes the weaknesses of the speed computational expense of PKI by negotiating a temporary symmetric key for rapid encryption and decryption during a communication session. This approach places emphasis on signature process with certification authorities, which also has weaknesses as previously discussed.
Regardless of the cryptographic method used for encryption or authentication, an approach that ensures entities “are who they say they are” is needed for various scenarios, for example, where a device falls into the hands of an unauthorized user. For such instances, methods such as biometrics have been promoted.
Biometrics: The same principle of key management for encryption also holds true for authentication. Authenticating methods that validate “you are who you say you are” typically utilize biometric features that uniquely identify an individual from any other individual. Unfortunately, like encryption keys, a biometric key is just another key that, if compromised, may provide a false sense of security. Furthermore, many implementations send biometric data along with other keys to authentication servers, traversing communication paths with limited security, leave the biometric sample open to interception. In addition, the widespread collection of biometric templates by governments and private companies alike, both whose custodianship has been brought into question as of late, further increases the chances of unauthorized access. Again, the same principle for exchanging encryption keys applies to exchange of authentication keys: Find the key, and unlock the door.
Multi-Factor Authentication: One approach that improves authentication is multi-factor authentication (MFA). MFA requires 2 or more factors to authenticate. Authentication factors generally consist of:
Knowledge—“something you know”
Possession—“something you have”
Biometrics—“someone you are”
Knowledge factors include passwords (secret words or phrases), PIN (personal identification number), and patterns (sequence(s) of cells). Possession factors include tokens (FOB, USB, contactless RFID, and the like), smart cards, etc. Biometric factors are typical biometric identifiers such as finger, face, voice and IRIS, among others.
Other Prior Art: Other approaches to improve authentication and key management include an approach offered by Herzber, et al., which builds on threshold cryptography by spreading out parts of a key over several entities in order to protect against any single point failure and reduce the probability of attack. This method assumes security is robust in multiple locations, which may prove challenging in some configurations. Methods involving double encryption where messages can be encrypted and decrypted with combinations of a sender's and an intended recipient's public and private key pair could yield disastrous consequences if one key is compromised.
Other approaches that involve using a central authentication server to forward authenticated messages further increase latency and introduce yet another potential failure point by adding another step in the process. Yet other approaches attempt to use a common clock to synchronize both sides with an additional secret being time. Halevi and Krawczyk explore another asymmetric method that leverages an authentication server to hold private keys for entities and use its own public key to authenticate passwords from the entities. Similar prior art is offered where the entity and authentication server authenticate each other with public/private key pairs, but such approaches are still susceptible to man-in-the-middle attacks. Boyarsky leverages the approaches offered from Halevi and Krawczyk to propose a method where an authentication server signs a user's session key with the server's public key. This system utilizes one-time private and public keys performed on one entity's user password. Other new password related methods include single sign-on (SSO) methods such as BYOI (bring your own identity), where authentication is based upon existing social identities, such as Facebook, Twitter and the like, which lowers administrative overhead, but at a higher risk of identity theft. Token-based methods may also include protocols such as but not limited to one-time passcodes/passwords (OTP), public-key infrastructure (PKI) and single sign-on (SSO) methods. Issues with these methods include synchronization, certificate authorities, and integration that may make implementation unattractive.
New Methods: Which cryptographic authentication and encryption method is more secure is the subject of much debate. Regardless of the encryption method, the issue with encryption is that the keys still must be protected. Compromise of a private key, though unlikely, could prove catastrophic. Whether disclosure is a result of flawed implementations or a flawed protocol or architecture, recent disclosures of private data bring into focus the need for some new approaches to guarantee authenticity and place control of data into the hands of the user to control his or her own secrets, keys, and private data.